Vulnerability Details: CVE-2018-7824
An Externally Controlled Reference to a Resource (CWE-610) vulnerability exists in Schneider Electric Modbus Serial Driver (for 64-bit Windows OS: V3.17 IE 37 and prior; for 32-bit Windows OS: V2.17 IE 27 and prior; and as part of the Driver Suite version: V14.12 and prior) which could allow write access to system files available only to users with SYSTEM privilege or other important user files.
Products affected by CVE-2018-7824
- cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:modbus_serial_driver:*:*:*:*:*:*:*:*
- cpe:2.3:a:schneider-electric:driver_suite:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-7824
- 0.05%: probability of exploitation activity in the next 30 days
- ~21%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2018-7824
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:C/A:N | 8.0 | 6.9 | NIST | |
4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N | 1.2 | 3.6 | NIST | |
CWE ids for CVE-2018-7824
- The product uses an externally controlled name or reference that resolves to a resource that is outside of the intended control sphere. Assigned by:
- cybersecurity@se.com (Secondary)
- nvd@nist.gov (Primary)
References for CVE-2018-7824
- https://www.schneider-electric.com/en/download/document/SEVD-2019-099-01/
  Security Notification - Schneider Electric Modbus Serial Driver | Schneider Electric (Patch; Vendor Advisory)